Network Security: Detailed info on Re: HTTP REFERER not set in Internet Explorer

Subject:	Re: HTTP REFERER not set in Internet Explorer
Date:	Thu, 17 Nov 2005 08:05:38 -0800

Subject:

Re: HTTP REFERER not set in Internet Explorer

Date:

Thu, 17 Nov 2005 08:05:38 -0800

Hello All,

Thank ya all for the responses. I am aware that the HTTP_REFERER can
be easily forged. However I am using it in a context which makes it
somewhat useful. Our application is NOT completely dependent on the
HTTP_REFERER for security, there are other mechanisms involved as
well.

I am using HTTP_REFERER to:
1) Track users on the website. And use it to optimize the layout of the site.
2) Prevent direct linking to some of our web pages. Anti-leeching??? I
know this can be forged, but I think it will prevent newbie webmasters
from direct linking.

The following are solution that were proposed. Thanks :) They are very helpful.

------------ Solution 1 ------------------
<script language="JavaScript"><!--

function goto_url() {
// This JavaScript function, generate confirmation message for the license
to be deleted.
  if (userPressesYes()) {
       return true;
  } else {
     return false;
  }
}
</script>

<body>
<a href="referer_test.php?action=output" onClick="return goto_url();">Click
Here</a>;
------------------------------------------

-------------Solution 2 ------------------
location.href = 'script.php?href=' + escape( location.href );
------------------------------------------


In Peace,
Saqib Ali
http://www.xml-dev.com/blog/
Consensus is good, but informed dictatorship is better.

<Prev in Thread]	Current Thread	[Next in Thread>
Re: HTTP REFERER not set in Internet Explorer, (continued) Re: HTTP REFERER not set in Internet Explorer, Todd Hendricks Re: HTTP REFERER not set in Internet Explorer, Dean H. Saxe Re: HTTP REFERER not set in Internet Explorer, Greg Skouby RE: HTTP REFERER not set in Internet Explorer, Richard M. Smith Re: HTTP REFERER not set in Internet Explorer, Oleg Lecinski RE: HTTP REFERER not set in Internet Explorer, Amichai Shulman RE: HTTP REFERER not set in Internet Explorer, Jeff Robertson RE: HTTP REFERER not set in Internet Explorer, Einecker, Leah RE: HTTP REFERER not set in Internet Explorer, Ory Segal Re: HTTP REFERER not set in Internet Explorer, Yutaka OIWA Re: HTTP REFERER not set in Internet Explorer, Saqib Ali <= Re: HTTP REFERER not set in Internet Explorer, Yutaka OIWA RE: HTTP REFERER not set in Internet Explorer, drm Re: Re: HTTP REFERER not set in Internet Explorer, mike Re: Re: HTTP REFERER not set in Internet Explorer, Saqib Ali

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	RE: HTTP REFERER not set in Internet Explorer, drm
Next by Date:	RE: Blind SQL Injection / Stored procedures, Evans, Arian
Previous by Thread:	Re: HTTP REFERER not set in Internet Explorer, Yutaka OIWA
Next by Thread:	Re: HTTP REFERER not set in Internet Explorer, Yutaka OIWA
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

RE: HTTP REFERER not set in Internet Explorer, drm

Next by Date:

RE: Blind SQL Injection / Stored procedures, Evans, Arian

Previous by Thread:

Re: HTTP REFERER not set in Internet Explorer, Yutaka OIWA

Next by Thread:

Re: HTTP REFERER not set in Internet Explorer, Yutaka OIWA

Indexes:

[Date] [Thread] [Top] [All Lists]